Minneapolis – Security staff at Target Corp. reportedly warned management of the risk of a cyber attack before the retailer’s widely publicized November 2013 data breach took place. According to the Wall Street Journal, at least one security analyst at Target recommended the retailer perform a more thorough review of its payment network as early as September 2013.
Senior management reportedly did not initially follow the analyst’s recommendation, which followed warnings from the federal government about emerging new forms of malware that could threaten payment terminals. At the time, Target was upgrading its POS terminals to prepare for the Black Friday shopping rush, which both reduced available time to conduct a security review and also increased network vulnerability.
It is not known whether Target eventually conducted the review as requested before the attack.
Target CFO John Mulligan has previously stated that Target passed a security review in September 2013 and that the company did not know its payment network and terminals had been breached until it was notified by the federal government in late 2013.
The November-December data breach is thought to have originated with dedicated network link used by a Pennsylvania-based heating and refrigerator contractor, Fazio Mechanical Services. It is unclear whether the warning from Target’s security analyst could have prevented the attack if it were responded to in a more timely manner. Target declined comment on the article.